The use of DNA profiles in solving crimes has become an increasingly powerful tool for law enforcement agencies. To further the use of DNA in solving crime, the Federal Bureau of Investigation (FBI) created a system of DNA profile indexes, the Combined DNA Index System (CODIS). This system, officially activated in October 1998, allows participating forensic laboratories to compare DNA profiles with the goal of matching case evidence to other previously unrelated cases or to persons already convicted of specific crimes. According to the FBI's statistics, as of February 2001, CODIS was instrumental in providing leads in 1,733 investigations nationwide.

CODIS consists of a hierarchy of DNA indexes at the local, state, and national levels. Local index laboratories upload DNA profiles to the state indexes, and state index laboratories upload DNA profiles to the national index, which is maintained by the FBI. The laboratories at each level of the hierarchy decide which profiles will be uploaded to the next level. When the FBI officially activated the national index, eight states contributed profiles as part of the test use of the index. According to the FBI, as of February 2001, 36 state index laboratories uploaded DNA profiles to the national index - one laboratory in each of 34 states, the FBI laboratory in Washington, D.C., and the U.S. Army laboratory in Forest Park, Georgia. In addition, 62 local index laboratories uploaded DNA profiles to the state index laboratories in these 34 states. Finally, as of March 2001, 26 laboratories in 12 foreign countries used the FBI-developed software that supports the CODIS databases. Each foreign country using the software maintains its own independent DNA indexes, with no cross-access between the foreign CODIS systems and the FBI's CODIS system.

The forensic laboratories that participate in CODIS perform DNA tests on samples from crime scene evidence (forensic profiles) and on samples from offenders convicted of specific crimes (convicted offender profiles). According to the FBI, as of February 2001 the national index contained 23,301 forensic profiles and 492,227 convicted offender profiles. State law determines the offenses for which a convicted offender is required to submit a DNA sample for testing. There is a wide variation in the types and numbers of crimes for which state statutes require convicted offenders to submit DNA samples. For example, Virginia requires any individual convicted of a felony to provide a sample for DNA analysis while Kentucky only requires individuals convicted of sexual offenses to provide DNA samples. In addition, as of February 2001, 26 of the 50 states with convicted offender legislation required juveniles convicted of specific crimes to submit a DNA sample for inclusion in the convicted offender index.

The FBI provides CODIS-participating forensic laboratories with software, training, and technical support free-of-charge. The CODIS software organizes and manages the DNA profiles and related information. It is important to note that none of the CODIS indexes contain any personal identifying information related to the DNA profiles. For each profile, the indexes identify the sample number and laboratory that performed the DNA analysis. The laboratory that contributed a DNA profile to CODIS must consult its own records to determine where or with whom a specific DNA sample originated. Each time a laboratory uploads DNA profiles to the next level in the hierarchy, the software automatically compares the two groups of profiles and notifies the appropriate laboratories if there is a potential match between two or more profiles. The laboratories must then perform additional work to determine whether or not the profiles actually match.

Examples of crimes solved through the use of DNA profiles and CODIS can be found in newspaper articles nationwide. In addition, DNA evidence has also been used to release innocent people from prison. According to the Innocence Project at the Cardozo Law School, as of April 26, 2001, DNA evidence was instrumental in freeing 87 innocent people from prison nationwide, including 10 people on death row. Because DNA is such a powerful tool, concern has been raised about the potential for misuse of the information in CODIS. For example, the American Civil Liberties Union fears that the information in the indexes will be used for purposes other than law enforcement. A second concern is that the indexes will include the DNA profiles of innocent individuals, violating their right to privacy. Additionally, the integrity of the data contained in CODIS is extremely important since the DNA matches provided by CODIS are frequently a key piece of evidence linking a suspect to a crime.

The legislation authorizing CODIS, the DNA Identification Act of 1994 (Act), included a requirement that the FBI establish quality assurance standards to ensure the integrity of the DNA records entered into the system. The Act also placed strict limitations on the data that could be entered into CODIS and how that information could be used. In addition, the Act appropriated $40 million over a 5-year period for a grant program, administered by the Office of Justice Programs, National Institute of Justice (NIJ), to increase the capability and capacity of state and local forensic laboratories to perform DNA testing.

Prior to our audit, CODIS-participating laboratories were required to undergo annual audits to determine if they were in compliance with the FBI's quality assurance standards. Biennially, the audits were to be performed by an outside agency. The auditors were either DNA analysts from another laboratory or auditors representing an accreditation or certification agency. However, none of these audits included a review of the DNA profiles in CODIS to ensure they were complete, accurate, and allowable. In fact, no such audits of the DNA profiles in CODIS were being conducted at any level. Further, the FBI was not
informed of the laboratories' audit results, but instead the laboratories contributing DNA profiles to the national index simply certified that they had been audited and that they were in compliance with the legislation and quality assurance standards.

Due to significant law enforcement use of DNA, as well as the heightened risk that the FBI would not detect instances of noncompliance by the laboratories, we completed an audit of CODIS to: (1) evaluate the extent to which the FBI implemented and monitored the program, and (2) determine the extent of state and local participation in CODIS, particularly among those entities receiving Department of Justice grants for laboratory improvement. Our audit work included reviewing documentation at the FBI headquarters and the NIJ, and conducting audits at eight CODIS-participating laboratories. 1 At each laboratory we reviewed policies and procedures to determine if the laboratory was in compliance with the FBI's quality assurance standards and national index requirements. We also reviewed a judgmental sample of the forensic and convicted offender profiles each laboratory had contributed to CODIS to determine if the profiles were complete, accurate, and allowable. At the time of our audits, the eight laboratories had contributed approximately 24 percent of the forensic profiles and 71 percent of the convicted offender profiles contained in the national index.

Summary of Findings

Our audit disclosed that the FBI has made significant progress in implementing the CODIS program nationwide. As of March 2001, 129 laboratories in the United States used the CODIS software. Additionally, only one state was not either participating in the national index or completing the application process necessary to participate in the national index. It is clear that CODIS is an effective law enforcement tool since there are numerous examples of crimes solved using DNA profiles and CODIS. However, we found that:

The FBI needs to improve its oversight of CODIS-participating laboratories to ensure the laboratories are in compliance with the Act, the FBI's quality assurance standards, and the FBI requirements for laboratories participating in the national index. Our audits of eight state and local laboratories disclosed that four laboratories did not fully comply with the FBI's quality assurance standards and national index requirements. These laboratories agreed to initiate corrective action to resolve the findings from our audits. Also, although the CODIS-participating laboratories undergo annual audits to determine if they are compliant with the FBI's quality assurance standards, we noted that the FBI did not have a process in place to ensure that laboratories instituted appropriate corrective action for audit findings. FBI personnel stated that they were aware of the need for a process to resolve audit findings and that they were working to develop such a process.

The FBI needs to initiate procedures to ensure that DNA profiles in CODIS are complete, accurate, and allowable. At six of the eight laboratories audited, we found 49 unallowable or incomplete forensic profiles in CODIS out of the 608 forensic profiles reviewed. The unallowable profiles were from a known person other than the suspected perpetrator, such as a victim, an entry that is strictly prohibited from inclusion in CODIS. Further, at two of the eight laboratories we identified 6 incomplete or unallowable convicted offender profiles in CODIS out of the 700 convicted offender profiles we reviewed. We found that the unallowable profiles in CODIS were uploaded inadvertently or because a laboratory did not fully understand the rules governing acceptable profiles. Generally, the laboratories either removed the unallowable profiles from CODIS or corrected incomplete profiles when we notified them of the problem.

Although the FBI tracks the number of profiles in the national index by laboratory on a monthly basis, neither the FBI nor the Florida state index administrator recognized that 110 DNA profiles from the Miami-Dade Police Department had been deleted from both the state and national indexes. Due to software problems, the profiles were inadvertently deleted from the two indexes in September 1998. We brought this condition to the FBI's attention and the profiles were uploaded to the state and national indexes after the software problem was corrected.

The NIJ did not ensure that laboratory grants awarded through Congressional earmarks met the requirements of the Act. Of the seven grants reviewed, one grantee received two grants totaling $1,377,846 that did not call for the grantee to provide matching funds as required by the Act.

The audit results, which include information previously identified in individual laboratory reports, are discussed in greater detail in the Findings and Recommendations section of this report. Our audit objectives, scope and methodology, and a list of laboratories previously audited appear in Appendix I.